What do Owl products do?
Owl Computing products enable the secure, hardware-enforced, one-way-only transfer of data between network domains of different security levels and policies.
Owl solutions ensure the isolation of both networks, while facilitating the delivery of mission-critical, and time-critical, information.
↑Back to Questions↑

How do Owl products work?
Our core products are combinations of Owl-designed communication card hardware & drivers, and internally developed software applications. Communication cards are
mounted in Send-only (Blue) and Receive-only (Red) server platforms, connected via fiber-optic or copper cabling. Owl software, specific to the kind(-s) of data
to be transferred, is installed in both platforms. The Blue Owl application converts the data to Owl proprietary format, segments it to ATM cells, and sends
it to the Red machine. The Red Owl application restores the information to its original format, for distribution to selected destinations.
↑Back to Questions↑

What is a data diode?
A data diode is an inter-network connection that permits information to travel in one direction only. It is most commonly deployed between two or
more networks of different security classifications.
↑Back to Questions↑

What does an Owl system do?
Owl systems pass data from one computer to another, and/or from one network to another, in one direction only. Data flows forward without impediment at high
throughput rates. Data does not flow at all in the reverse direction. Data transfer may be low-to-high or high-to-low security. Some deployments may
require both uni-directional paths, physically and logically separated but intrinsic to a higher application use.
↑Back to Questions↑

Is the Owl system a firewall?
No. An Owl system does functions like a gateway, but with an important difference: data flows in one direction only, and paths are preconfigured. Because security
is enforced in hardware, there is no possibility of security breach through software attack. Owl drivers have been developed internally and are not dependent on
the TCP/IP communication stack of hosts on which they reside. An Owl data diode solution is a "non-routable" protocol break between the two networks it
connects one-way. Owl systems cannot be "hacked."
↑Back to Questions↑

What types of error-checking are used in Owl systems?
Data is verified at multiple levels. Error-checking is performed in hardware in accordance with ATM AAL5 protocol. At a higher level, advanced hash
algorithms are used to validate integrity of IP packets assembled from ATM cells. Packet sequences are also verified. Finally, the packets are
merged into higher level data structures that are also verified using advanced hash algorithms.
↑Back to Questions↑

How fast will data flow through an Owl system?
Owl Communication Cards are designed to meet individual client capacity needs. Link speeds range from 1Mbps to 2.488Gbps, with a 10Gbps product to be available
in early 2012.

For an example of throughput, link speed for Owl 2500 Communication Cards is 2.488 Gigabits/sec. When configured for clear-channel, an Owl 2500 pair transfers
up to 270 MegaBytes/sec of content. When configured as channelized, a 2500 pair will support up to 8 virtual connections over a single physical link,
each connection configurable to meet individual application needs.
↑Back to Questions↑

How does Owl manage log files?
Owl provides log file capability on Send-only and Receive-only servers. The level of detail of information that is stored in these log files is controlled by an
argument in the startup scripts. All software applications support the Owl log file-management system, and the maintenance of historical information such as
data archiving, aging, etc.

Log files may be viewed locally or remotely by Owl Performance Management Service OPMS, on which real-time logs are replicated and displayed graphically
via a Web interface. Alternately, Owl Log Forwarding Service (OLFS) delivers log information as a datagram stream to a third-party enterprise network
manager, or as static files for admin analysis.
↑Back to Questions↑

Can we run multiple Owl Applications on the same machine(s)?
Yes. Owl SNTS supports concurrent UDP, TCP, and file transfer; a single Communication Card set enables the hardware transfers. With channelized Owl 2500 cards,
for specific user needs, multiple Owl applications may be run onindividual machines, with one card set.
↑Back to Questions↑

What other Patents has Owl been granted?
On March 9, 2010, Owl received Patent Number: 7,675,867 for One-Way Data Transfer with Built-In Data Verification Mechanism, and
markets the technology as the Owl Sercure Acknowledgement Engine (OSAE).
View Patent Document.

On May 10, 2011, Owl was granted Patent Number: 7,941,526 for Transmission of Syslog Messages over a One-Way Data Link, to transfer
syslog messages over DualDiode® Technology.
View Patent Document.

On March 20, 2012, Owl was awarded Patent Number: 8,139,581 B1 for "Concurrent Data Transfer involving two or more
Transport Layer Protocols over a Single One-Way Data Link"
View Patent Document.↑Back to Questions↑

Accreditable:
All Owl DualDiode Technology products may be included in cross-domain solutions that require accreditation in operational deployment. Owl products function in
over 1200 accredited applications throughout the DoD, US Intelligence community and other government agencies. Owl Perimeter Defense solutions are deployed
throughout Critical Infrastructure organizations.

As of March 2012, Owl has two entries on the UCDMO Baseline Inventory as an accredited Cross Domain Solutions – OCDS-FT01 (formerly Owl 4.0) for low-to-high
file transfer at link speed 155Mbps woth Solaris OS, and ECDS-FT01 for enterprise file transfer at link speed 2.5Gbps with Linux OS. A third candidate
– OCDS-ST01 – will shortly join the first two. ST01 enables the secure transfer of Full Motion Video and COTS files.

I have been directed to review the UCDMO Baseline Configurations against my requirements. How do Owl solutions fit into the currently listed Baseline solutions?
As of January 27, 2012, Owl OCDS-FT01 (formerly Owl 4.0) & the Owl ECDS-FT01 (formerly ECDS) are accredited Cross Domain Solutions for transfer on the
UCDMO Cross Domain Baseline List.
This designation describes solutions that are accredited, and have been successfully evaluated for re-use by other programs requiring these functionalities.
This is in addition to many existing niche and individually accredited solutions for individual Agency, DOD or program uses.

"The baseline serves as check-here-first place, because items on the baseline can save the agency time and money. Rather than re-inventing the wheel,
if an agency starts with something from the baseline, it could possibly cut start-to-operate time from years to months," said Jill Savin, UCDMO
communications and outreach officer.
"Some agencies are putting policies in place to instruct their information assurance and IT shops only to consider baseline solutions when looking at
new cross domain needs, since these solutions are known entities. But this is an agency decision, not something mandated by the UCDMO," Savin said."
Military Information Technology, volume 14, issue 1, February 2010, p. 6.

"The UCDMO Baseline List is not a 'sales' list, it is a re-use list. It is not necessary for a technology/product to be on the UCDMO Baseline before it can
be bought or installed somewhere. In fact, sometimes mission requirements may necessitate a solution that is not on the Baseline. However, it is up to
each Agency to decide what their policy on new technologies will be. Some Agencies are restricting their networks to only use items already on the
UCDMO Baseline. This is an Agency decision, not the UCDMO's."
CAPT Kevin Peterson, Executive Assistant, Space and Naval Warfare Systems Command↑Back to Questions↑

Do we have to re-certify when we modify or create new software applications based on Owl systems?
No. Security in Owl systems is primarily enforced in hardware, and it is Owl hardware that is certified.
↑Back to Questions↑

Can the Owl system improve the security of my network?
Yes. Owl systems are designed to prevent leakage of sensitive information from secure isolated networks. Data flows into the secure network, but cannot
flow out through the same channel. Without the capability of bilateral communications, the secure network is rendered impervious to probing cyberattacks.
↑Back to Questions↑

If Owl products send data one-way only, then how do I know my data arrived successfully?
The Owl suite of secure one-way data transfer systems does not provide any backchannel for data verification. Instead, Owl systems perform multiple levels
of error-checking on both the Send and Receive machines as data is being sent. Owl systems have proven highly reliable, and are widely used by the most demanding
IT customers in the US DoD, US Intelligence Community and major critical infrastructure customers.

For clients requiring explicit confirmation of data receipt, the Owl Secure Acknowledgement Engine provides this capability, with no compromise to the original
one-way transfer of information.
↑Back to Questions↑

Can the Owl system support multiple users?
Yes. Owl systems are server-based; the combination of high throughput and seamless network integration accommodates multiple concurrent users.

In Enterprise Services deployments, an Owl ECDS can support a wide range of service subscribers, each with its own set of security policies, across a single
physical link.

For Process Control customers, an Owl Perimeter Defense solutions can support a range of different applications, with up to 32 individual connections,
on a single physical chassis.
↑Back to Questions↑

Can I move large files through the Owl system?
Yes. Multi-GigaByte and TeraByte-scale files have been reliably transferred through Owl systems. In such cases, Owl 2500 Communication Cards are preferred
because of their high link speed (2.488 Gigabits per sec) and high content throughput rates (clear channel - 270+ MegaBytes/sec) automate transfers that had
typically been sneaker-net/walk-net transactions. An estimated file size upper limit of 2 TeraBytes is imposed by limitations in host operating systems.
↑Back to Questions↑

Will the Owl system transfer streaming video?
Yes. Owl solutions will pass streaming video in real-time. On the Send-only server, the optional Owl MUX/DEMUX Server application supports N instances of
distinct UDP streams. On the Receive-only server, the MUX Server supports unicast, multicast, and broadcast distribution modes.
The OCDS-ST01 Cross Domain Solution is specifically designed to support video and COTS files transfers.
↑Back to Questions↑

How does Owl offer a TCP product in a one-way environment, if TCP typically requires handshaking?
With Owl TPTS, TCP client establishes a "handshake" with TCP server on the Send-only machine. TCP/IP address information is stripped from
the incoming packets, with packet payload transferred to the Receive-only machine. The receiving machine establishes a TCP handshake with its
intended recipient and completes the transfer. In Web Server language, the Owl application may be thought of as a one-way proxy. For maximum security,
no IP routing information is passed across the one-way link.
↑Back to Questions↑

Do any Owl products provide encryption?
Yes. Owl Remote File Transfer Service may impose encryption and authentication on files delivered as TCP/IP packets across networks, or from a source,
across a DualDiode transfer, to a destination.

Other encrypt/decrypt services may be integrated into an Owl cross-domain solution, as with malware scanning and/or data filters. Our products provide a
physical one-way link that allows users to safely send data and trust that absolutely no information - not even handshaking protocols - escapes from your
private network via our products.
↑Back to Questions↑

With what hardware and software are Owl systems compatible?
Owl systems are designed for compatibility with all network devices that support standard IP network communication protocols. Owl secure one-way data
transfer systems are designed to function transparently on their host networks. Owl one-way data transfer hardware may be installed in any computer
platform with standard PCI-x or PCI-e bus slots operating at 3.3 volts or 5 volts. Owl hardware and software has been extensively tested with a
wide range of operating systems - Windows, Solaris, and LINUX. Check under the Products sub-menu for up-to-date Version Information.
↑Back to Questions↑

What components are included in a Turnkey purchase option?
Today, in most cases customers purchase Owl products either as Communication Card sets with application-specific Owl software, or as fully developed
Cross Domain Solutions (CDS) [or Perimeter Defense Solutions (PDS)]. Turnkeys include all the application-specific items, two rackmount servers with
the selected Owl communication cards and application software, tested and installed.
↑Back to Questions↑

How much does an Owl system cost?
Owl systems vary in price based on Owl Communication Card selection, Owl software required for user-specific data types, CDS or PDS requirements, and
optional lifecycle & configuration management. Contact us, via the Contact Form included on this website, or call Owl Sales toll-free 866.695.3387,
for pricing details on your application.
↑Back to Questions↑

Can Owl products be exported?
All Owl Communication Cards have an ECCN number of 5A991 with an AT1 restriction -- they can ship almost anywhere (exceptions, --
Cuba, Iran, Iraq is OK with some additional restrictions〉, Libya, N. Korea, Sudan and Syria.

Detailed information on ECCN 〈Export Control Classification Number〉 can be
Found Here.

Are you compliant with section 508 of the Rehabilitation Act?
Owl Computing Technologies, Inc.'s products are considered fully compliant with the applicable provisions of section 508 of the Rehabilitation Act.
Owl products are designed to work seamlessly with accessibility enhancement features of their host platform operating systems, thus enabling Federal
employees with disabilities to interact with Owl systems with the same effectiveness as Federal employees without disabilities.
↑Back to Questions↑